summary refs log tree commit diff stats
path: root/results/classifier/118/graphic/786211
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/graphic/786211')
-rw-r--r--results/classifier/118/graphic/78621138
1 files changed, 38 insertions, 0 deletions
diff --git a/results/classifier/118/graphic/786211 b/results/classifier/118/graphic/786211
new file mode 100644
index 000000000..5eb465411
--- /dev/null
+++ b/results/classifier/118/graphic/786211
@@ -0,0 +1,38 @@
+graphic: 0.951
+semantic: 0.932
+ppc: 0.897
+architecture: 0.837
+device: 0.778
+socket: 0.728
+network: 0.666
+vnc: 0.616
+boot: 0.475
+risc-v: 0.460
+mistranslation: 0.444
+kernel: 0.408
+arm: 0.405
+VMM: 0.391
+assembly: 0.376
+i386: 0.358
+debug: 0.357
+PID: 0.336
+register: 0.334
+TCG: 0.329
+x86: 0.273
+files: 0.241
+performance: 0.199
+virtual: 0.191
+peripherals: 0.162
+KVM: 0.160
+permissions: 0.158
+user-level: 0.089
+hypervisor: 0.015
+
+Missing checks for valid, writable, firmware in fw_cfg_write
+
+The `fw_cfg_write` function in the firmware emulation is missing checks to ensure that the firmware being written is (a) a valid index, and (b) writable. This can lead to a segmentation fault and potentially (in the case of writing to FW_CFG_INVALID), memory corruption, although the attacker has fairly limited control over whether and what corruption is possible.
+
+
+
+fw_cfg_write() support has been removed since QEMU 2.4, so I think we can treat this as fixed now: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=023e3148567ac898c725813
+